Description

Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via `subprocess.Popen()` with `shell=True`, allowing attackers to execute arbitrary commands on the host system. The `find_file()` tool executes without requiring user approval because find is considered a "safe" pre-approved command. This means an attacker can achieve Remote Code Execution (RCE) by injecting malicious arguments (like -exec) into the args parameter, completely bypassing any human-in-the-loop safety mechanisms. Commit e22a1220f764e2d7cf9da6d6144926f53ca01cde contains a fix.

INFO

Published Date :

2026-01-30T20:15:51.772Z

Last Modified :

2026-02-02T18:01:06.518Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-25130 vulnerability.

Vendors Products
Aliasrobotics
  • Cai
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-25130.

URL Resource
https://github.com/aliasrobotics/cai/blob/559de8fcbc2b44f3b0360f35ffdc2bb975e7d7e4/src/cai/tools/reconnaissance/filesystem.py#L60 cve-icon cve-icon
https://github.com/aliasrobotics/cai/commit/e22a1220f764e2d7cf9da6d6144926f53ca01cde cve-icon cve-icon
https://github.com/aliasrobotics/cai/security/advisories/GHSA-jfpc-wj3m-qw2m cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact